Posted by PIN on Jul 16

/* glibc fastbin / tcmalloc / jemalloc double destructor/free example
*
* This example demonstrates a pattern with a base type with a protected
* destructor so as to avoid glibc’s corruption of the vftable pointer,
* that exact condition does not exhibit itself with jemalloc, however
* there appears to be additional memory corruption in tcmalloc that
* leaves the heap in a less than stable state, however it was not
* further…

Posted by Zach C on Jul 16

Part 11 of Broken, Abandoned, and Forgotten Code is up! In this part,
we regenerate the SquashFS filesystem for our exploit firmware. We
have to shrink the firmware image down to 4MB from nearly 9MB to avoid
crashing the R6200’s UPnP daemon. We also add one more field to the
firmware header that, if absent, will cause the bootloader to hang.

Here’s a link to part 11:
http://shadow-file.blogspot.com/2015/07/abandoned-part-11.html

If…

Posted by Joshua Wright on Jul 16

This was my morning LOL:

$ curl -O http://totolink.net/include/download.asp?path=down/010300&file=TOTOLINK%20N300RG_8_70.zip
$ unzip TOTOLINK N300RG_8_70.bin
$ binwalk -e TOTOLINK N300RG_8_70.bin

DECIMAL HEXADECIMAL DESCRIPTION
——————————————————————————–
0 0x0 uImage header, header size: 64 bytes, header CRC: 0xB0D462F0, created: 2013-08-19
07:55:35,…